WASHINGTON (AP) — Visa and MasterCard want banks and
retailers to work together on securing customer data and stop blaming
each other after a massive data breach during the holiday season.
The
two payment networks announced Friday that they are bringing together
large and small banks, credit unions, retailers, makers of card
processing equipment and industry trade groups in a group that aims to
strengthen the U.S. payment system for credit and debit cards.
The
data breaches affecting Target Corp., the No. 2 U.S. discounter, and
luxury retailer Neiman Marcus have shaken consumers’ confidence.
An
estimated 40 million credit and debit card accounts were affected by
the breach at Target. Stolen were customers’ names, credit and debit
card numbers, card expiration dates, debit-card personal identification
numbers and the embedded codes on the cards’ magnetic strips. The theft
could be the biggest data breach on record for a U.S. retailer.
About 1.1 million Neiman Marcus customer accounts were also affected in a breach last year.
In
the wake of the episodes the banking and retailing industries, each
armed with lobbying clout, began pointing fingers at each other. Their
trade groups peppered lawmakers with letters arguing why the other
industry must do more — and spend more — to protect consumers.
The
initial focus of the new group will be on banks’ adoption of embedded
digital chips for storing account information on debit and credit cards.
Compared with the current magnetic strips, it’s a system that typically
makes data theft harder and is common in other countries. While it’s
not clear whether the chips would have prevented the Target breach,
experts say they make it tougher for thieves to make counterfeit cards
using stolen credit and debit card numbers.
Many retailers want
the chips, but they also want each debit or credit card transaction to
require a personal identification number instead of a signature. Experts
say it’s harder for criminals to steal personal identification numbers
than to forge signatures. Some retailers are resisting the switch to
PINs — planned to take effect by the fall of 2015 — because they’ll be
forced to buy newer, more expensive card readers.
Both chips and
PINs are needed to ensure the security of customer data, said National
Retail Federation President and General Counsel Mallory Duncan in a
statement.
The new group will also look at other security ideas,
such as using one-time numbers to add a layer of security to online
sales, and better encryption.
MasterCard spokesman Seth Eisen
declined Friday to provide the names of banks, retailers and other
prospective participants, saying the group’s formation was at an early
stage.
__
Business Writer Josh Freed contributed to this report.
Copyright 2014 The Associated Press. All rights
reserved. This material may not be published, broadcast, rewritten or
redistributed.